superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

virtio_blk: NULL out vqs to avoid double free on failed resume 

The vblk->vqs releases during freeze. If resume fails before vblk->vqs
is allocated, later freeze/remove may attempt to free vqs again.
Set vblk->vqs to NULL after freeing to avoid double free.

Signed-off-by: Cong Zhang <cong.zhang@oss.qualcomm.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
pull/1354/merge
Cong Zhang 2025-10-21 19:07:56 +08:00 committed by Jens Axboe
parent 3451cf34f5
commit 0739c2c6a0
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
drivers/block/virtio_blk.c
View File

@ -1027,8 +1027,13 @@ static int init_vq(struct virtio_blk *vblk)
out: out:
kfree(vqs); kfree(vqs);
kfree(vqs_info); kfree(vqs_info);
if (err) if (err) {
kfree(vblk->vqs); kfree(vblk->vqs);
/*
* Set to NULL to prevent freeing vqs again during freezing.
*/
vblk->vqs = NULL;
}
return err; return err;
} }
@ -1599,6 +1604,12 @@ static int virtblk_freeze_priv(struct virtio_device *vdev)
vdev->config->del_vqs(vdev); vdev->config->del_vqs(vdev);
kfree(vblk->vqs); kfree(vblk->vqs);
/*
* Set to NULL to prevent freeing vqs again after a failed vqs
* allocation during resume. Note that kfree() already handles NULL
* pointers safely.
*/
vblk->vqs = NULL;
return 0; return 0;
} }